This message was deleted.

Slackbot

12/01/2022, 12:57 PM

This message was deleted.

Ashu

12/01/2022, 1:15 PM

@nitya-signoz can you look into this?

nitya-signoz

12/01/2022, 1:20 PM

Can you provide more info on what you were expecting and what you got? Also, do check out the protocol for Syslog, a mismatch on either side might cause a problem https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/syslogreceiver#configuration

EzzEddin Abdullah

12/01/2022, 2:01 PM

Sure. For example, this is the script I used:

Copy code

import logging
from logging.handlers import SysLogHandler


def main():
    logger = logging.getLogger(__name__)
    logger.setLevel(logging.DEBUG)
    handler = SysLogHandler(
        facility=SysLogHandler.LOG_DAEMON,
        address='/dev/log'
        )

    formatter = logging.Formatter(
        fmt="%(asctime)s - %(filename)s:%(funcName)s:%(lineno)d %(levelname)s - '%(message)s'",
        datefmt="%Y-%m-%d %H:%M:%S"
        )
    handler.setFormatter(formatter)
    logger.addHandler(handler)

    logger.debug('Sending syslog_message to SigNoz!')

if __name__ == '__main__':
    main()

As you can see, this is the message

Sending syslog_message to SigNoz!

I want to send to SigNoz. After I run this script, I search for the keyword

syslog_message

and I get nothing in return. I've looked into the documentation of SysLogHandler and it looks like the protocol is RFC 5424: https://docs.python.org/3/library/logging.handlers.html#sysloghandler (not sure though) If the protocol is correct for the logging module. How can I configure the one on SigNoz?

nitya-signoz

12/02/2022, 4:08 AM

Will get back to you on this by today EOD.

nitya-signoz

12/02/2022, 11:12 AM

So if you check the syslog file it’s getting written as

Copy code

Dec  2 10:43:50 ip-172-31-27-188 systemd[631729]: Listening on D-Bus User Message Bus Socket.
Dec  2 10:43:50 ip-172-31-27-188 systemd[631729]: Reached target Sockets.
Dec  2 10:43:50 ip-172-31-27-188 systemd[631729]: Reached target Basic System.
Dec  2 10:43:50 ip-172-31-27-188 systemd[631729]: Reached target Main User Target.
Dec  2 10:43:50 ip-172-31-27-188 systemd[631729]: Startup finished in 45ms.
Dec  2 10:43:50 ip-172-31-27-188 systemd[1]: Started User Manager for UID 1000.
Dec  2 10:43:50 ip-172-31-27-188 systemd[1]: Started Session 81 of User ubuntu.
Dec  2 10:49:34 ip-172-31-27-188 2022-12-02 10:49:34 - main.py:main:20 DEBUG - 'Sending syslog_message to SigNoz!'
Dec  2 10:49:46 ip-172-31-27-188 systemd[1]: Started Session 83 of User ubuntu.
Dec  2 10:49:53 ip-172-31-27-188 2022-12-02 10:49:53 - main.py:main:20 DEBUG - 'Sending syslog_message to SigNoz!'

Now the Syslog parser is putting

Copy code

`2022-12-02 10:49:53 - main.py:main:20 DEBUG - 'Sending syslog_message to SigNoz!'

in the value of the body. Which I think is your concern right? If yes the reason here is in the syslog format eveything that you have published from the python script goes to the body as it writes its own timestamp. Incase you want to parse the above and only keep

Copy code

`'Sending syslog_message to SigNoz!'

as your body you will have pipeline operators to parse your logs in the otel-collector-config. ex:- https://github.com/SigNoz/nginx-logs-parsing/blob/c14a2178a050293a50549b79991ed3858e295c78/clickhouse-setup/otel-collector-config.yaml#L30

EzzEddin Abdullah

12/12/2022, 11:53 AM

@nitya-signoz I'm sorry for replying too late. So why do you think searching for that specific keyword is not shown in the SigNoz dashboard? Is it because the parser didn't get that specific format?

nitya-signoz

12/13/2022, 3:22 AM

While searching it should work regardless if the keyword is present in the log body. Can you check if the correct timerange is selected and try once again and check ?

EzzEddin Abdullah

12/26/2022, 12:29 PM

@nitya-signoz, I'll try to list what I've done step by step, and let me know please which step is not clear

EzzEddin Abdullah

12/26/2022, 12:38 PM

I followed this tutorial about collecting syslogs. So I did the following: • Modified

deploy/docker/clickhouse-setup/docker-compose.yaml

file as described • Added the syslog receivers in

deploy/docker/clickhouse-setup/otel-collector-config.yaml

file and then appended the

syslog

in the receivers list • Modified the

/etc/rsyslog.conf

to add this line:

*.* action(type="omfwd" target="0.0.0.0" port="54527" protocol="tcp")

•

sudo systemctl restart rsyslog.service

•

sudo systemctl status rsyslog.service

so it's activated now • Ran the SigNoz cluster using:

docker-compose -f docker/clickhouse-setup/docker-compose.yaml up -d

• Ran the python script that contains the syslog script • Check the

tail /var/log/syslog

and saw the log inside Finally, signed up to SigNoz dashboard to see the logs. But when I searched for the syslog statement, I found some logs that do not match the specific syslog keywords. Any idea what's wrong I'm doing here?

nitya-signoz

12/27/2022, 8:25 AM

We can get on a call for this. Please select a timeslot based on your availability. https://calendly.com/nityananda/30min

✅ 1

EzzEddin Abdullah

12/27/2022, 9:59 AM

Thanks, I've scheduled it.

👍 1

153 Views

Open in Slack

Previous Next

SigNoz Community

SigNoz is an open-source APM. It helps developers monitor their applications & troubleshoot problems, an open-source alternative to DataDog, NewRelic, etc.